How to Encrypt your Android Phone (a Complete Guide) -

How to Encrypt your Android Phone (a Complete Guide)

Douglas Crawford

Douglas Crawford

October 9, 2015

All new iPhones are now encrypted by default, which is something that has alarmed law enforcement services the world over. Google also announced that it would start encrypting Android phones by default, and although it has reneged somewhat on this promise, it still strongly recommends that manufacturer’s ship their phones with full-disk encryption pre-enabled.

Regardless, it is a simple matter for owners of unencrypted Android phones (Gingerbread 2.3.4+) to encrypt their both their phone and any SD cards they use. Note also that if you are interested in improving your privacy and security on your Android device, you should also check out our article on 5 Best VPNs for Android.

Why do I want to encrypt my phone?

Most of us these days keep a vast amount of personal information on our smart phones – photos, contact numbers and addresses, passwords, bank details, emails, etc. In addition to this, business users often keep sensitive information on their phones that is vulnerable to corporate espionage.

While a standard lock-screen code will deter casual theft of your data if you lose your phone, to a determined tech-savvy adversary the lock-screen offers little real protection.

Encrypting your phone, on the other hand, makes it secure against almost all forms of attack, and will probably foil even the NSA.

Reasons not to encrypt your phone

Encryption/decryption takes processing power, and will therefore slow down your phone a little*. On faster phones you are very unlikely notice a difference, but users of slower phones may want to think twice before encrypting them (this is likely the main reason Google dropped its requirement that all new phones be encrypted by default.)

*Note that both of these articles test performance using a Google Nexus 6, which as Android Central notes, “causes a greater discrepancy in performance than we’d see with most other devices, thanks to Qualcomm’s crypto engine.” We therefore decide to perform our own tests using our Samsung Note 4 and the AndEBench-Pro 2015 industry-standard benchmarking tool.

EEMC before

Before phone encryption

EMMC afterAfter phone encryption

As we can see, encrypting the phone caused a 9% performance hit. Such is the price of security, but we have to say that we didn’t notice a real difference in practice.

Another issue is that it is not easy to reverse the encryption process should you change your mind. It can be done by factory resetting your phone, but this will mean that you lose all data stored on the phone.

Is it legal?

Encrypting your phone is legal pretty much everywhere. In the Unites States, the California Supreme Court has ruled that although police can legally search an unencrypted phone at the time of arrest, a warrant is required if the phone is encrypted. In Canada, the Court of Appeal for Ontario has issued a similar ruling.

Of course, even with a warrant, an encrypted phone cannot be accessed unless you divulge your Master Password. US citizens are probably protected from doing this by the Fifth Amendment right against self-incrimination, but UK citizens (for example) can be legally compelled to disclose their passwords under the Key disclosure law.

If these issues are important to you, then we strongly suggest researching the legal situation regarding mandatory decryption of data in your country.

How secure is Android full disk encryption?

Android full disk encryption is based on dm-crypt, an open source transparent disk encryption subsystem used in Linux.  It uses cipher mode 128-bit AES-cbc with essiv:sha256, and the Master Password is protected using AES-128. Android versions 4.4+ further harden the Mater Password against brute-force attacks with 2000 iterations of PBKDF2.

A detailed discussion on the encryption used is available here, but the long and the short of it that accessing encrypted data on your phone is pretty much impossible (without knowing your Master Password.)

How to encrypt your phone

For this tutorial we are using an unrooted Samsung Galaxy Note 4 running Android 5.1.1, but the process should be very similar for all Android phones (and other Android devices.)

  1. Plug your phone into a power source. The process can take an hour or more (depending on how much data requires encrypting), and you really don’t to run out of juice half way through!
  2. Ensure that you have backed-up all your important data.
  3. Go to Settings -> Lock Screen -> Screen Lock -> [enter current password] -> Password and create a password that is at least 6 characters long, and contains at least 1 number. Unfortunately there is a limit of 16 characters, which makes using strong passphrases more or less impossible.


If you do not perform this step first, you will be sent back to do it when you start to encrypt your device

  1. Go to Settings -> System -> Security -> Encrypt device


  1. Select “Encrypt Phone” to confirm encryption. You will be asked once more to confirm your password, then sit back and relax as Android does its thing…

encrypting phone

For us, this took around 45 minutes

Password boot

Once done, you need to enter your master password each time you reboot your phone

Unfortunately, with encryption enabled, pattern and PIN unlock are disabled on the lock screen. This could be something of a nuisance, and is worth bearing in mind when deciding whether or not to encrypt your phone. Fortunately for us, it is possible to re-enable the fingerprint scanner on the Note 4 after encryption.

The only way to reverse phone encryption is to reset the phone to its factory-default settings. If you do this, all data stored on the phone will be erased. You will also be permanently unable to access encrypted data on your SD card (as the SD card encryption keys will be deleted), so make sure you decrypt an encrypted SD card before performing a factory reset of the phone.

To factory reset you phone go to Settings -> Personalisation -> Backup and reset ->Factory data reset.

How to encrypt your SD card

In addition to encrypting the phone itself, it is possible to encrypt external SD cards (on phones that still support this very handy feature.)

Cards can only be used on the phone on which they are encrypted, but unlike phone encryption, SD card encryption can be fairly easily reversed. As noted above, if you factory reset your phone without first decrypting encrypted files on your SD card, these files will be lost.

To encrypt an SD card, simply go to Settings -> System -> Security -> Encrypt external SD card -> Enable, and follow the instructions.

You will be offered the choice of whether to exclude multimedia files from the encryption process (in order to save time) and asked to confirm your Master Password. Note that you will need around 2GB free space on the SD card before it can be encrypted.

SD card encrypt

SD encryption ongoing

The process can take a while, depending on how much data needs to be encrypted (but you can use your phone while this happens)

SD card encryption is completely transparent in use, as long as you access encrypted files from the password-protected phone you encrypted them on. The files cannot now be accessed in any other way.

diable SD encryption

Unlike with full-disk-encryption, SD card encryption can be easily reversed. Simply go to Settings -> System -> Security -> Encrypt external SD card -> Disable (you will be asked to confirm your master password)

Encrypting Android Conclusion

Making your phone more secure by encrypting it is very easy, and we find the added security a more than acceptable trade-off for the 9% performance hit this incurs for us (which in real-like use we don’t notice anyway.)

We do think that having to use the same master password used to secure the phone in order to disable the lock screen could be an issue. Thanks to the Note 4’s fingerprint scanner this is not a problem for us, but we can see those without such a scanner becoming pretty frustrated at having to enter a secure password every time they unlock their phone.

Douglas Crawford
March 12th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

53 responses to “How to Encrypt your Android Phone (a Complete Guide)

  1. Ajay singh says:

    Is it possible to get in the encrypt ed note4 which have a fingerlock + third party app lock. I had done fairly on my note4 Samsung . Is it possible to break the lock or not I am confused. Please write about this. Factory reset with out password.should I get back to another device
    By having account details and correct password.

    1. Douglas Crawford says:

      Hi Ajay,

      – I you have the correct password you can open an encrypted Android device (including a Note 4).
      – If you do not have the correct master password then it should be impossible (at least in theory). After all, that is the entire point of encrypting it!
      – A factory reset will remove the encryption but also wipe all your data. But you should, at least, be able to use your phone again.

  2. Foley Hund says:

    If one backs up their android on a pc, then encrypts it. Then sometime in the future decides to reverse the encryption, I assume the old back up can be put back onto the android.

    1. Douglas Crawford says:

      Hi Foley,


  3. Paul K. says:

    Really enjoyed & appreciate your in-depth info in this article – thank you. Could you inform me as to pros & cons of encrypting a ROOTED LG Optimus F3 phone(Android 4.1.2 OS), which puts external storage to its sd card via the “Link2SD” app (because internal storage is only 1.2 GB) ?

    1. Douglas Crawford says:

      Hi Paul,

      Please first note that I am not persoanlly familiar with LG Optimus F3, but is my understanding that the Link2SD app is only required for moving entire asps over to the SD card. Whether or not the SD card is encrypted should have no effect on this. The card is decrypted when the phone is first turned on, and thereafter works as a normal (unencrypted) SD card. As for cons – the Optimus F3 does not have a fingerprint sensor, so you will need to enter your passphrase each time you want to access your phone.

  4. Karlos James says:

    Thank you for the articular. I have a couple of questions please:

    1: Once an SD card is encrypted is it only good to use in that phone. Even after decryption can it be be used in another devise ie. in a new phone or in laptop, or is it a throw away with the phone.

    2:Once encrypted is the lockscreen still in use with the password, or does the phone have to be decrypted from standby therefore taking a long time to “turn on.”

    Thank you

    1. Douglas Crawford says:

      Hi Karlos,

      1. An encrypted card can only be used or decrypted by the phone it was encrypted on. But if you decrypt the card (using that phone), it can then be used as a normal SS card on other devices.

      2. The lockscreen is still in use with the password. Decryption only happens when the phone is first turned on. So turning the phone on takes longer than normal, but once on (including when on standby), you are unlikely to notice the phone running any slower.

  5. Tammy says:

    Hello. I was doing some research and came across your article. I had (still have) an LG G3 which I fully encrypted (phone and SD card). The touch screen quit working so I could not enter my password to decrypt the phone nor the SD card to transfer files to my new phone. All of the files are still on my SD card but are encrypted and cannot be “read” by my new phone. Any suggestions as to how I can decrypt the SD card?

    Thank you.

    1. Douglas Crawford says:

      Hi Tammy,

      Ouch. You have a problem. When you encrypt an SD card with an Android phone, it can only be decrypted using the same phone. I’m not 100% sure it will work with every Android phone, but what I would try is this: Get a USB OTG cable and plug in a USB keyboard (or even better, a wireless keyboard and mouse dongle). Assuming that you can see the screen, this should allow you to enter your password to unlock your phone. You can then use the keyboard (and mouse, if used) to navigate your phone and decrypt your SD card. Note that I just tried doing this on my Note 4 and it worked a treat, so fingers crossed.

  6. Ashique says:

    my Samsung galaxy S3 was encrypted.i can’t re-encript my phone.i can’t to change my password.plz Help me.

    1. Douglas Crawford says:

      Hi Ashique,

      The only way to remove the existing encryption is to factory reset you phone. Go to Settings -> Personalisation -> Backup and reset -> Factory data reset. Warning: this will erase all data on your phone!!! Once this is done you will be able to re-encrypt your phone should you want to.

  7. jeff says:

    well am from nigeria, i did encrypt my phone for just 48min and it was cool

  8. Mohammad Owidat says:


    I want to ask about the updates, I use to have Sony Xperia and I encrypted it, everything was good until I received an update where I was unable to update the phone (it use to ask me to decrypt the phone first, and when I try to decrypt, it keep telling me that the phone will wipe all data decrypt it! so I did not decrypt the phone because I was afraid that it will delete all of my data).

    Now I have Note 4 (5.1.1), and Android 6.0 is almost there (which is taking forever!), so if I encrypted the phone now, do I still get the updates? or I have to decrypt it before update it? or do I lose any data if I decrypt it?

    1. Douglas Crawford says:

      Hi Muhammad,

      Hmm. My Note 4 is now running Android 6.0.1. It had no problem updating while encrypted, and it updated automatically. So fingers crossed…

    2. TWK says:

      Hi. My Samsung Galaxy 4S active has been flawless until last night. I encrypted it two years ago with no issues. Last night it would not take my password–the same password I’ve bee using everyday for the pass two years. We did a factory reset but now the phone isn’t encrypted and it will not re-encrypt. Any suggestions on how to re-encrypt a previously encrypted, factory reset S4 active?

      1. Douglas Crawford says:

        Hi TWK,

        Strange! I’m afraid that I have never encountered this situation – as far as I know, it should be easy enough to re-encrypt your phone. Maybe one of our readers might be able to help?

  9. Angel says:

    Hey I wanted to know I was not aware of this thing so for removing mydata from phone I first restored it from factory settings
    Then after reading this I encrypted it
    Thirdly I again factory restored it?
    Is my data now erased ,encrypted permanently???

    1. Douglas Crawford says:

      Hi Angel,

      Restoring to factory settings does just that – it wipes all personal data from your phone and returns it to state it was in when it shipped from the manufacturers factory. Factory resetting an encrypted phone will delete all personal data and remove the encryption. A factory reset is the only way to decrypt an encrypted phone.

      1. Angel says:

        I means after restoring factory settings my data can be recovered of I sell it?

        1. Douglas Crawford says:

          Hi Angel,

          After restoring factory settings your data cannot be recovered. This means that your phone is safe to sell.

  10. Maria says:

    Hi Douglas,
    My phone (samsung galaxy s4) has been encrypting for two hours is it normal? How much more time should it take? And if I didn’t back it up will i lose my data?
    Thank you

    1. Douglas Crawford says:

      Hi Maria,

      Hopefully by the time I write your phone is now successfully encrypted! Yes, 2 hours (or even 3, sounds reasonable).

  11. Johan says:

    I heard that the decryption key is stored in the memory while the phone is on.
    Does this mean that its possible to extract the key while the phone is on?

    1. Douglas Crawford says:

      Hi Johan,

      You are correct the the decryption key is stored in RAM. This potentially makes it vulnerable to a cold boot attack.

  12. Vanessa says:

    Hi Douglas,

    I just learned about this today and during my research I came across this page and information.
    Thank you so much for sharing it and for your prompt and thorough response to each reply. I have a Samsung S3 and am encrypting my SD card right now. It’s a 64 gig card with a lot of info on it (documents, pictures, videos and music) so it’s taking a while to finish. I’m totally okay with that.
    I have a few questions.
    I occasionally remove my SD card in order to transfer data from my PC to my phone, (I have an SD slot on my PC which makes this process a breeze).
    Will I still be able to do this or do I have to make all transfers via USB cable?
    Is it okay to unmount and mount the SD card after encryption?
    If I am able to transfer data via my PC to my phone, once my SD card is inserted into my PC card slot will my PC recognize the fact that the SD card is encrypted? Does it matter?
    Will I have to enter the password on my PC in order to transfer data onto the SD card?
    I just realized that some of my phone apps have been transferred to my SD card. Will they be affected by the encryption?
    Can an encryption be done on the SD card that I have in my Samsung tablet A 9.7, (I have been looking and so far have not seen anything that says that it can be done)?

    Thank you so much in advance 🙂

    1. Douglas Crawford says:

      Hi Vanessa,

      I’m glad this information is useful to you :).

      1) No, as this would completely invalidate the point of encrypting your card in the first place! Once your phone has decrypted the card (on bootup) you can make transfers via the phone’s USB cable (I personally do not find this to be much of an inconvenience).

      2) Yes, but the data is only be available once mounted on your phone.

      3) Your card is encrypted, so all data on it will be unavailable to your PC. I’m afraid that I don’t have an SD card slot for my PC to check exactly what it sees – I’m pretty sure that you won’t be able to transfer data (unencrypted) to the card, although I don’t see any harm being done if you want to give it a try (and if you can do it, then the data will not be encrypted). Basically, you read and write to the card via your phone’s USB cable.

      4) You phone decrypts your SD card, so if you transfer files via the phone’s USB cable then you will not need to enter a password. You will not be able to transfer files directly via your SD card reader.

      5) No, encrypting your phone will not affect your transferred apps (I’ve moved as many apps as I can over to my encrypted 64gb SD card, both before and after encryption).

      6) I can’t give you any information specifically about the Samsung tablet A 9.7, but can’t see why not (both phone and SD encryption are a standard feature of Android since Gingerbread 2.3.4). Look in the System -> Security settings. If the option is there, then you can do it!

  13. Jim says:

    hi, i have encrypted my Huawei Mate7 and the screen lock pass is still the one that i used before encryption (a different one than encryption’s) is that right? also i would like to know what about the data that i add from now on to my phone. Are they gonna be encrypted as well or need to repeat encryption every while?

    1. Douglas Crawford says:

      Hi Jim,

      1) Yup. Please see my notes for Step 3.
      2) All data is now automatically encrypted. There is no need to re-encrypt.

  14. Moro says:

    Is ther is any way to encrypt download mode at samsung note 3 .. i don’t want anyone format or flash my phone ..

    1. Douglas Crawford says:

      Hi Moro,

      I’m afraid that I don’t really understand your question. What do you mean by “download mode”?

  15. TKukler says:

    Recommend not using fingerprint scanner ALONE. Fingerprints cannot be changed (passwords have this advantage) and can be easily lifted without your knowing see the 200 youtube videos if you don’t believe me, AND your fingerprint can be legally compelled by police & others just like DNA swabbing can be. Instead, choose a longish password (and don’t divulge it – it’s your right.)

    1. Douglas Crawford says:

      Hi TKukler,

      The problem is that with Android encryption you need to enter a password every time your phone goes into standby! All security is a trade-off between security and usability, and entering a long password (plus using the fingerprint scanner) every time I pick up my phone breaks the usability side of the equation quite badly…

  16. Jolie says:

    It only took 15 mins thanx for the info

    1. Jolie says:

      Every since I have encrypted my phone and SD card (note4) I haven’t been able to receive picture messages… is there a solution to this?

      1. Douglas Crawford says:

        Hi Jolie,

        Hmm.. I do not have this problem – odd. Is it when you use your regular SMS app? If so then you could try using a different app for your SMS messages (I recommend Signal – see here for a review.)

  17. Jolie says:

    Hello, my question is once I do an encryption to my phone and SD card will it still look the same once I unlock with master password. Will my games remain the same, will I have same access as I do now? I have a Note4.

    1. Douglas Crawford says:

      Hi Jolie,

      Yes – everything remains the same. Boot-up takes somewhat longer and you get a message telling you that the SD card is encrypted at startup, but otherwise everything remains the same.

  18. Liv Lim says:

    I encrypted my phone
    recently before reading your
    post. The anti-virus app’s graphics was acting erratically. So I did a uninstall/install process.Now everything’s fine.However the phone took half an hour (much more than usual) to decrypt before it displayed the lock screen for the following reboot.I think it is because of the change in the anti-virus app’s data.Is it correct?

    1. Douglas Crawford says:

      Hi Liv,

      Well, half an hour is a very long time to boot, but boot does take longer after encryption (about 5 minutes on my Note 4). You could try decrypting your phone now that the troublesome anti-virus app is gone, the re-encrypting…

  19. scott says:

    What slices or partitions on the internal drive actually do get encrypted? It’s called “Full Disk Encryption” but I suspect it’s not the entire disk. I’m guessing only /data ? Other slices are /boot, /system, /recovery, /data, /cache, and /misc.

    1. Douglas Crawford says:

      Hi scott,

      As I understand it, the entire internal disk is encrypted. For a full description of how Android full disk encryption works, see here.

  20. Richard Lopez says:

    Douglas I have an LG G3 and am thinking of encrypting the phones internal but not the SD card to be able to move files on and off of the card. Is this separation recommended?
    Also should all apps be internally located and can I have app downloads be located on the SD card while the app is internal and encrypted?
    I’m looking just to keep contacts, messages and emails encrypted while music and pictures aren’t. Can some pdf. and Word Doc. be both encrypted and un encrypted since not all are private?

    1. Douglas Crawford says:

      Hi Richard,

      Sure. Whatever is on the internal memory (the phone) will be encrypted, and on the unencrypted SD card… not. This includes both files and apps, so if you keep your message, contact and email apps on your phone all messages etc. will be encrypted. Keep any .pdfs and .docs you want encrypted on your phone, and move everything else to the SD card.

  21. Randy says:

    What would be the point of encrypting my note 4 using a good difficult password then after finishing encrypting it go in and switch over the lock screen to a finger print scanner from the good password i just got through thinking of, that would defeat the whole purpose of encrypting the phone in the first place if it can be unlocked with a simple swipe of a fingerprint

    1. Douglas Crawford says:

      Hi Randy,

      It prevents the use of alternative methods to enter your phone (such as via booting into recovery mode). It also means that once a device is turned off, the password is needed.

    2. Shadowed says:

      The reason is because say someone technology smart steals your phone. They know first turn it off and pull the sim card… Next to get around your fingerprint lock and access your phone boot the phone with a program to bypass it………. ohh wait they had to reboot your phone. That means now all your info is encrypted behind your secure password. They cant just bypass your fingerprint to access your data.

      Encryption is diffrent that a screen lock. Think of your front door as a lock screen, put in the key open the door or jjst break it down. Then think of encryption as an force field around the house that makes the thing unrecognizably blurry. You know the house is in front of you but you can’t make out the front door from the back door or window or garden or sog house or anything. You just see the force field, the phone, and u can see the house in ot just can’t figure out any part of the house, the encrypted data.

  22. Lindy says:

    In order to have my work e-mail on my phone, I needed to install some apps (Touchdown, Avast , airwatch)
    As soon as I installed this, and received my work mail, I couldn’t access my SD card anymore and received a notification that it was due to security settings. I had to encrypt it. So I first encrypted my phone and now want to encrypt my SD card. However, that option is not ‘clickable’ in the settings. And when my phone starts I see a notifcation that it save to remove SD card. When I put it bac kin I get: use of SD card is resticted due to security policy (translated) Do you know how I can access or encrypt my SD card again? Thanks!

    1. Douglas Crawford says:

      Hi Lindy,

      I am not 100% sure, but this sounds like an AirWatch issue, in which case you will need to ask your IT administrator to give you permission to access your SD card. If this is not the case, then I suggest uninstalling all the apps mentioned, and then trying to encrypt your SD card. When you reinstall the apps, check your SD card access each each time, to help you determine the culprit if the problem persists.

  23. Drew says:

    Besides the character limit and the presence of at least one number, what other sort of character limitations are there to these encryption passwords? Are special characters allowed? Will Android check and prevent these character limitations or will they be silently unaccepted?

    1. Douglas Crawford says:

      Hi Drew,

      To be honest, I don’t know about other character limitations, but Android will not perform the encryption unless it accepts your password. You should therefore be fine experimenting with what it will and will not accept. Do remember that the Lock Screen uses the same Mater Password as you use to encrypt your phone, so selecting a very complex master password could be real pain in day-to-day use. And yes, the lack of a separate password (or PIN/pattern unlock support) for the Lock Screen is an issue for users with phones that do not have a fingerprint scanner…

  24. Sue says:

    I encrypted my phone and now I’m stuck….I didn’t back up my pictures and videos,so if I decrpypt it,I don’t know if I will mess my phone system up…Locked screen is a BIG problem when I NEED to contact someone quickly…I don’t know what to do now..
    Thank you for this article…

    1. Douglas Crawford says:

      Hi Sue,

      The only way to decrypt your phone is to factory reset it, which will mean that you lose all your photos and videos etc. on the phone. However, there is nothing stopping you backing up your stuff before doing a factory reset – just plug your phone into a computer via its USB cable and copy your photos etc. across (or use a cloud based service such as Dropbox, or a spare (unencrypted) SD card etc.) You should also backup your contacts,download folder, and anything else you want to keep. If you play games on your phone then you may lose your saves, but other than that you should be able to back everything up (and transfer it back to your phone after the factor reset, if you wish). Do remember to decrypt any encrypted SD cards before you factory reset your phone, or you will lose all encrypted data on them.

Leave a Reply

Your email address will not be published. Required fields are marked *